Xfinity urges users to change passwords after 36M customers are affected by hackers

Laptop computer displaying logo of Xfinity, the trade name of Comcast Cable Communications, LLC to market consumer cable television, internet, telephone.

Xfinity has notified its customers that hackers obtained access to the personal information of 36 million customers in a data breach, a figure comprising nearly all of Xfinity’s customers. The data included passwords, user names and security-question answers.

An Xfinity notice to customers this week said that the hack was due to a vulnerability in Citrix software that was patched. Subsequently, Xfinity discovered that hackers had nonetheless gained access to customers’ personal data. The Xfinity notice said: “after additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers.” 

According to Comcast, all Xfinity customers, even those whose accounts might not have been breached, must reset their usernames and passwords. The company also strongly recommended that customers enable two-factor authentication to secure their accounts, and it warned customers not to re-use passwords across multiple platforms.

Comcast noted: “while Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question.”

Cloud computing company Citrix had announced a vulnerability in its software Oct. 10 and issued mitigation guidance Oct. 23; then on Oct. 25, Xfinity said, it discovered “suspicious activity and subsequently determined that between October 16 and October 19, 2023, there was unauthorized access to its internal systems that was concluded to be a result of this vulnerability.”

Customers with questions can contact Xfinity toll-free at (888) 799-2560 24 hours a day Monday through Friday from 9 a.m. to 9 p.m. Eastern time. More information is available on Xfinity’s website at xfinity.com/dataincident.

Editorial credit: monticello / Shutterstock.com